5.5
GNU Binutils readelf crashes when processing malformed ELF files
CVE-2025-69651
Summary
A security issue in GNU Binutils' readelf tool can cause it to crash when it processes a specially crafted ELF file. The issue does not put data at risk or allow code execution, but it can stop the program from working. Update to a fixed version of GNU Binutils to prevent crashes.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gnu | binutils | <= 2.46 | – |
Original title
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations retu...
Original description
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
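The failure pattern in the description, as an added example that is not Binutils code and not the upstream fix: a simplified model in which a parser returns early and a later cleanup pass frees every slot's r_symbol. The struct layout, the function names and the input are assumptions made for illustration; zero-initialising the array is shown as one way to make the cleanup safe.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a relocation record; only r_symbol is named on the page. */
struct reloc { char *r_symbol; };

/* Models a parser that stops early on malformed input. A NULL name is the
   constructed "malformed" entry. Returns how many slots were filled. */
size_t fill_relocs(struct reloc *all_relocations, const char *const *names, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (names[i] == NULL)
            return i;                       /* slots i..n-1 are never written */
        size_t len = strlen(names[i]) + 1;
        char *copy = malloc(len);
        if (copy == NULL) return i;
        memcpy(copy, names[i], len);
        all_relocations[i].r_symbol = copy;
    }
    return n;
}

/* Fragile allocation (for contrast, never called here): malloc() leaves unwritten
   slots indeterminate, so free_relocs() would hand garbage pointers to free(). */
struct reloc *alloc_fragile(size_t n) { return malloc(n * sizeof(struct reloc)); }
/* Hardened allocation: calloc() zeroes every slot and free(NULL) is a no-op. */
struct reloc *alloc_hardened(size_t n) { return calloc(n, sizeof(struct reloc)); }

/* Cleanup walks the whole array; returns how many slots held a real pointer. */
size_t free_relocs(struct reloc *all_relocations, size_t n)
{
    size_t freed = 0;
    for (size_t i = 0; i < n; i++) {
        freed += (all_relocations[i].r_symbol != NULL);
        free(all_relocations[i].r_symbol);
    }
    free(all_relocations);
    return freed;
}

/* Constructed input: the third entry is malformed, so two slots stay unwritten. */
int main(void)
{
    const char *const names[] = { "puts", "exit", NULL, "main" };
    struct reloc *relocs = alloc_hardened(4);
    if (relocs == NULL || fill_relocs(relocs, names, 4) != 2)
        return 1;
    return free_relocs(relocs, 4) == 2 ? 0 : 1;
}
```

An alternative with the same effect is to record the count returned by the parser and have the cleanup loop stop at that count.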
Vulnerability type
CWE-476
NULL Pointer Dereference
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026